由于某种原因,我的 IP 地址被禁止使用 ssh 或 sftp。我使用其他 IP 连接到服务器没有问题,使用自己的 IP 访问所有其他服务(如 http、teamspeak)也没有问题。
我搜索了 iptables 但没有结果,添加了我的 ip 以允许:
Chain num pkts bytes target prot opt in out source destination
ALLOWIN 1 88230 4544K ACCEPT all -- !lo * my.ip.here 0.0.0.0/0
ALLOWOUT 1 88514 11M ACCEPT all -- * !lo 0.0.0.0/0 my.ip.here
另外:将我的 IP 添加为“alloweduser”[电子邮件保护]在 sshd_config 中。在 hosts.allowed 中添加了我的 ip。未在 hosts.deny 中列出。尝试连接到 ip 而不是主机名。重新启动。下载了谷歌数据中心的一半。(比喻)......等等。
我仍然收到服务器意外关闭网络连接的错误。
我的 IP 地址是半永久的,这让我很恼火和沮丧,因为我不知道为什么我无法使用自己的 IP 连接。我可以通过 ssh 或 sftp 访问此服务器的唯一方法是使用其他服务器连接到它或通过 teamviewer 借用别人的 PC。
编辑:IP 似乎没有被禁止,我可以使用同一 IP 在其他计算机上进行连接。
还有其他想法吗?:s
编辑:根据要求添加:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- !lo * 213.186.33.99 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- !lo * 213.186.33.99 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- !lo * 213.186.33.99 0.0.0.0/0 tcp spt:53
996 88927 ACCEPT udp -- !lo * 213.186.33.99 0.0.0.0/0 udp spt:53
14M 1554M LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
3036K 248M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3306K 604M INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
14M 1527M ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
959 50296 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
418 24660 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
120 6800 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
1 40 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
259K 14M ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:143
73 3780 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:465
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
2 100 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2008
712 42720 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2222
3 120 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:3306
0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9987
610 36600 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:10011
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:22
8 895 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:2008
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:3306
3324 358K ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:9987
0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:10011
62941 2076K ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
1 56 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 11
22 3539 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmp type 3
17689 933K LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 213.186.33.99 tcp dpt:53
1016 72259 ACCEPT udp -- * !lo 0.0.0.0/0 213.186.33.99 udp dpt:53
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 213.186.33.99 tcp spt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 213.186.33.99 udp spt:53
21M 6176M LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
131 8015 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
31705 2660K ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
3 132 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
8 493 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
3036K 248M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
3014K 4013M INVALID tcp -- * !lo 0.0.0.0/0 0.0.0.0/0
21M 6156M ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
639 38340 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
7762 466K ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:113
5 300 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
24 1440 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2008
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2222
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:3306
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:9987
0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:10011
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:22
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:113
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:123
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:2008
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:3306
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:9987
0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:10011
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 8
3 1728 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmp type 3
9507 1599K LOGDROPOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain ALLOWIN (1 references)
pkts bytes target prot opt in out source destination
169K 8151K ACCEPT all -- !lo * my.ip.is.here 0.0.0.0/0
Chain ALLOWOUT (1 references)
pkts bytes target prot opt in out source destination
169K 16M ACCEPT all -- * !lo 0.0.0.0/0 my.ip.is.here
Chain DENYIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- !lo * 119.27.26.112 0.0.0.0/0
0 0 DROP all -- !lo * 93.146.193.237 0.0.0.0/0
1 60 DROP all -- !lo * 182.100.67.115 0.0.0.0/0
0 0 DROP all -- !lo * 80.179.145.180 0.0.0.0/0
0 0 DROP all -- !lo * 182.100.67.102 0.0.0.0/0
19 1128 DROP all -- !lo * 200.161.210.250 0.0.0.0/0
456 27360 DROP all -- !lo * 80.82.65.61 0.0.0.0/0
11 740 DROP all -- !lo * 218.87.111.108 0.0.0.0/0
21 1604 DROP all -- !lo * 43.255.188.162 0.0.0.0/0
13 956 DROP all -- !lo * 182.100.67.114 0.0.0.0/0
81 3888 DROP all -- !lo * 59.92.245.31 0.0.0.0/0
606 29128 DROP all -- !lo * 180.214.233.74 0.0.0.0/0
16 1128 DROP all -- !lo * 58.218.211.166 0.0.0.0/0
19 1396 DROP all -- !lo * 218.65.30.73 0.0.0.0/0
Chain DENYOUT (1 references)
pkts bytes target prot opt in out source destination
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 119.27.26.112
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 93.146.193.237
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 182.100.67.115
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 80.179.145.180
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 182.100.67.102
18 1293 LOGDROPOUT all -- * !lo 0.0.0.0/0 200.161.210.250
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 80.82.65.61
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 218.87.111.108
11 1496 LOGDROPOUT all -- * !lo 0.0.0.0/0 43.255.188.162
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 182.100.67.114
0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 59.92.245.31
15 1065 LOGDROPOUT all -- * !lo 0.0.0.0/0 180.214.233.74
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 58.218.211.166
10 1360 LOGDROPOUT all -- * !lo 0.0.0.0/0 218.65.30.73
Chain INVALID (2 references)
pkts bytes target prot opt in out source destination
17270 1031K INVDROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
705 240K INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
Chain INVDROP (10 references)
pkts bytes target prot opt in out source destination
17975 1271K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOCALINPUT (1 references)
pkts bytes target prot opt in out source destination
14M 1554M ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
14M 1546M DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALOUTPUT (1 references)
pkts bytes target prot opt in out source destination
21M 6176M ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
21M 6161M DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
96 33108 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
7 547 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
1 52 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
13095 662K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
297 23542 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
17585 899K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (15 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *TCP_OUT Blocked* '
7110 1173K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *UDP_OUT Blocked* '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
9591 1608K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
不确定“来自您的客户端的 ssh -v 服务器的输出”是什么意思,我使用的客户端是 winscp 和 putty,首先必须能够连接!?
也不确定“服务器上的 tcpdump”具体来自哪里?
编辑:
当我尝试从这台电脑连接时,/var/log/secure 中会显示以下内容:5 月 22 日 19:31:21 whiskey sshd[27252]: 致命:未找到匹配的 mac:客户端 hmac-sha1、hmac-sha1-96、hmac-md5 服务器 hmac-sha2-512、hmac-sha2-256、hmac-ripemd160
已解决:我已将 putty 从 0.62 更新至 0.64,将 winscp 从 5.1.5 更新至 5.7.3,现在一切都恢复正常。不太清楚为什么我起初能够连接到他们,但突然在服务器上待了一小会儿后就无法再连接了……